(0Day) Rocket Servergraph Admin Center for TSM userRequest/tsmRequest Command Injection Remote Code Execution Vulnerability

ID ZDI-14-164
Type zdi
Reporter Andrea Micalizzi (rgod)
Modified 2014-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the userRequest servlet. It is possible to inject arbitrary operating system commands when the servlet is processing auth, auth_session, auth_simple, add, add_flat, remove, set_pwd, add_permissions, revoke_permissions, runAsync, and tsmRequest commands. A remote attacker can leverage this vulnerability to execute remote code under the context of the SYSTEM user.